inH1THM

Fake Authentication Attack

How This Attack Works:

  • Target a WEP Network

    The attack works only on WEP-protected networks, not WPA/WPA2.

  • Send a Fake Authentication Request

    You send a packet to the AP saying:

    "Hey! I’m a real client, please let me connect."

  • The Access Point Replies

    Even without verifying the password, some WEP routers will respond with:

    “✅ Authentication successful”

  • You’re Now 'Associated'

    This allows you to:

    • Stay connected (temporarily)

    • Capture or inject packets

    • Launch other attacks (like ARP replay, fragmentation, etc.)

  • Use Other Attacks to Generate Traffic

    Now that you're accepted by the AP, you can:

    • Capture more packets (IVs)

    • Crack the WEP key faster

# show adapter Mac address 
macchanger --show wlan0

Sniff network

airodump-ng wlan0 --channel 1 --bssid D8:29:18:0A:08:91 --write auth-fake

FakeAuth Attack

aireplay-ng --fakeauth 0 -a D8:29:18:0A:08:91 -h 86:f2:d1:52:60:99 wlan0

# h refer to mac address for adapter
2025-06-16 12_37_54-Kali Linux - VMware Workstation.png
PreviousWEP crackingNextFragmentation Attack